-
On the Insecurity of Software Bloat
Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of code itself, but many exploits are…
-
Microsoft, OpenAI Confirm Nation-States are Weaponizing Generative AI in Cyber-Attacks
Microsoft and OpenAI found that nation-state groups are using generative AI tools to support cyber campaigns rather than developing novel attack techniques Read More
-
2024: Practical cyber action plan- Survive and thrive
‘Cyber insecurity’ is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement…
-
2024: Practical cyber action plan- Survive and thrive
‘Cyber insecurity’ is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement…
-
GoldPickaxe Trojan Blends Biometrics Theft and Deepfakes to Scam Banks
Group-IB warns of new Trojan GoldPickaxe designed to bypass banking facial recognition with deepfakes Read More
-
North Korea successfully hacks email of South Korean President’s aide, gains access to sensitive information
The office of South Korean president Yoon Suk Yeol has confirmed that North Korea hacked into the personal emails of one of its staff members. Read more in my article on the Hot for Security blog. Read More
-
Smashing Security podcast #359: Declaring war on ransomware gangs, mobile muddles, and AI religion
Holy mackerel! AI is jumping on the religion bandwagon, ransomware gangs target hospitals, and what’s happened to your old mobile phone number? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.…
-
See me speak at webinar about data security for financial services
Join me and Metomic CEO Richard Vibert for a discussion about some of the cybersecurity challenges faced by the financial services industry, and how you can best protect your organisations. Sign up now for the free event on February 29 2024. Read More
-
Water Hydra’s Zero-Day Attack Chain Targets Financial Traders
CVE-2024-21412 was used to evade Microsoft Defender SmartScreen and implant victims with DarkMe Read More
-
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote at a symposium on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held…